Today's Question
Taken from Cert-CISSP Related Exam: ISC2 Cert-CISSP SecurityCert: CISSP Item Number: Cert-CISSP.3.7.12
You are the security manager for your organization. You are identifying potential security risks for your organization. Which technique would you NOT use?
Previous question and answer:
Taken from Cert-CISSP Related Exam: ISC2 Cert-CISSP SecurityCert: CISSP Item Number: Cert-CISSP.1.1.65
You are designing the procedures for your company's user account review. Which two actions should you include as part of this review?
- When implementing user account reviews, you should ensure that all active user accounts have a password and that all user accounts conform to the principle of least privilege.
It is not necessary to ensure that all accounts are active. In most systems there are usually some inactive accounts. These accounts may be maintained for employees on extended leave. In addition, some terminated employees' accounts may be kept but deactivated to preserve access to those employees' personal data.
It is not necessary to ensure that there are no duplicate accounts. Your network operating system should address duplicate accounts at the time the account is created.
During user account reviews, you should not ensure that all passwords follow the complexity rules. This is a password deployment guideline, not a user account guideline.
There are other account review actions you may need to perform. You should ensure that all active accounts are still being used, since it is always possible that you were not notified of an account becoming inactive. You should also ensure that management authorizations for access are updated; this ensures that users have only those privileges management has authorized. You may also want to check users' job titles and privileges against what they have in the system, because a user could have been transferred to another department or job title without you being notified.
References:
- CISSP Certification All-in-One Exam Guide, Chapter 4: Access Control, Identification, Authentication, Authorization, and Accountability, Authorization, Need to Know, pp. 196-198
- CISSP Certification All-in-One Exam Guide, Chapter 4: Access Control, Identification, Authentication, Authorization, and Accountability, Identification and Authentication, Password Management, pp. 169-194